Advisory – Dangerous “nonce” Leak in UpdraftPlus
Marc-Alexandre Montpas If you’re a user of the UpdraftPlus plugin for WordPress, now is the time to update. During a routine audit of our Website Firewall (WAF),…
Browsing Category
Vulnerability Disclosure
254 posts
Creative Evasion Technique Against Website Firewalls
Lee Howarth During one of our recent in-house Capture The Flag (CTF) events, I was playing with the idea of what could be done with Non-Breaking Spaces.…
Security Advisory – Vulnerabilities in Pagelines for WordPress
Users of both the Pagelines and Platform themes should update as soon as possible. During a routine audit for our WAF, we found two dangerous issues: A…
vBSEO’s Vulnerability Leads to Remote Code Execution
We were notified last week that the vBulletin team sent an email to all their clients about a potential security vulnerability in vBSEO. After further…
Serious Vulnerability in VBSEO
Daniel Cid The vBulletin team sent an email yesterday to all their clients about a potential security vulnerability in VBSEO. VBSEO is a widely used SEO module…
Analyzing The WordPress SoakSoak Favicon Backdoor
Denis Sinegubko This post is a dissection of one of a few backdoor variations hackers are uploading via the RevSlider security hole. We also provide webmasters a…
SoakSoak Campaign Evolves – New Wave of Attacks
Since Sunday, we have seen a new wave of SoakSoak reinfections. The Javascript continues to evolve and load other scripts in order to infect additional…
SoakSoak Malware Compromises 100,000+ WordPress Websites
Tony Perez This Sunday has started with a bang. Google has blacklisted over 11,000 domains with this latest malware campaign from SoakSoak.ru: Our analysis is showing impacts…
Critical Vulnerability Affecting HD FLV Player
We’ve been notified of a critical vulnerability affecting the HD FLV Player plugin for Joomla, WordPress and custom websites. It was silently patched on Joomla…
Security Advisory – High Severity– WordPress Download Manager
Mickael Nadeau If you’re using the popular WP Download Manager plugin (around 850,000 downloads), you should update right away. During a routine audit for our Website Firewall…
Security Advisory – High Severity – InfiniteWP Client WordPress plugin
If you’re using the InfiniteWP WordPress Client plugin to manage your website, now is a good time to update. While doing a routine audit of…